mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-15 21:52:47 +01:00
30 lines
951 B
YAML
30 lines
951 B
YAML
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
|
# Elastic License 2.0.
|
|
|
|
{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:warm', 7) -%}
|
|
actions:
|
|
1:
|
|
action: allocation
|
|
description: "Apply shard allocation filtering rules to the specified indices"
|
|
options:
|
|
key: box_type
|
|
value: warm
|
|
allocation_type: require
|
|
wait_for_completion: true
|
|
timeout_override:
|
|
continue_if_exception: false
|
|
disable_action: false
|
|
filters:
|
|
- filtertype: pattern
|
|
kind: prefix
|
|
value: so-syslog
|
|
- filtertype: age
|
|
source: name
|
|
direction: older
|
|
timestring: '%Y.%m.%d'
|
|
unit: days
|
|
unit_count: {{ WARM_DAYS }}
|
|
|